Lucene search

K
cvelistMitreCVELIST:CVE-2013-1416
HistoryApr 19, 2013 - 10:00 a.m.

CVE-2013-1416

2013-04-1910:00:00
mitre
www.cve.org

5.8 Medium

AI Score

Confidence

Low

0.956 High

EPSS

Percentile

99.4%

The prep_reprocess_req function in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.5 does not properly perform service-principal realm referral, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted TGS-REQ request.